-
Google Releases Open Source Web Application Security Assessment Tool
Google has announced the open source release of "ratproxy" - a passive web application security assessment tool.
-
Presentation: Security (CAS and OpenID) with Ruby
In this presentation from QCon SF 2007, Justin Gehtland explains two open solutions to distributed identity and their Rails integration components: the OpenID system (using ruby-openid) and CAS (using rubycas-client).
-
Excelsior JET 6.4: Smaller, Faster, More Secure Java
Java applications have long been criticized for their startup time, memory footprint, performance and security. Sun has recently started to address some of these issues with the Consumer JRE; Excelsior JET is a product that offers its own approach to solving them.
-
Ruby interpreter vulnerabilities
Several vulnerabilities were found in Ruby 1.8.x and 1.9.x that could allow denial-of-service attacks or arbitrary code execution. Patched versions of Ruby are already available.
-
OAuth Gaining Momentum
OAuth, an open standard for access delegation, is gaining momentum with a number of implementations including one for Spring Security.
-
SpringSource's Ben Alex Details Emerging Standards in Application Security
At the JavaOne 2008 conference, Ben Alex from SpringSource talked about emerging security requirements in enterprise applications. He discussed standards such as Servlet Security, JAAS, CAPTCHA, Single Sign-On and Federated Identity using OpenID. The presentation also covered securing web services (WS-Security), JMS messaging and ESBs.
-
Architecture of a $7 Billion Loss: Causes and Remedies
PwC has just released a report detailing the mechanisms that enabled a trader to mask a $75 B position. He was able to manipulate the state of a system by entering fake "technical" transactions, normally used for simulations, even though their amount was unusual, his role was not authorized to enter them, and they were never subsequently offset. PwC also provided recommendations for fixing the systems and processes involved.
-
Presentation: Patterns for securing architectures
Security is about the trade-offs you make with limited resources; it is often treated as a nuisance when designing a system, or left as an afterthought. Few people have the expertise to design good security, and most development teams have no security expert. In this talk, Peter Sommerlad focuses on security patterns for designing security into architectures, such as Role-Based Access Control, Single Access Point, and Front Door.
-
Spring (Acegi) Security 2.0 Adds OpenID Support, REST Capabilities, and Performance Improvements
Spring Security 2.0 has been released after almost two years of development. This new release replaces Acegi Security as the official security module for Spring applications and includes significant enhancements and new features.
-
Security for Services and Mashups
Security has become a rising concern in most applications and systems today. Whether you are building small mashups, enterprise applications, or a platform for SOA, there are several issues and approaches that are being discussed. Erica Naone talked about dealing with security in the world of mashups recently while Bob Rhubart and David Garrison from BEA discussed securing the services you deploy.
-
OASIS Symposium: Composability within SOA
OASIS is holding a three-day symposium on the topic of "Composability within SOA" in Santa Clara, CA, from April 28th to April 30th. Engineers and scientists from vendors and end-user companies will discuss topics including mashups, Service-Oriented Ajax, SCA, BPEL, SDO, BPM, Web Service Transactions, Data Security in SOA, SOA Reference Architecture...
-
Article: Securing a Grails Application with Acegi Security
In this article, Fadi Shami walks through integrating the grails-acegi plugin with a sample Grails application. The integration brings together three major components: Groovy, Grails and Acegi Security.
-
Can Architects Stop Financial Ruin and Market Meltdowns?
The purported fraud by Jerome Kerviel at Société Générale may bring down a major financial institution and may have caused markets to tumble worldwide. Attention has turned to systems intended to prevent fraud and other illegal activities. What role can software architects play in detecting and avoiding fraud and other suspicious behavior?
-
AntiSamy 1.0 Released - Protecting web applications from malicious HTML and CSS
AntiSamy aims to provide an API for protecting web applications from malicious content in user-supplied HTML and CSS, such as XSS payloads. Version 1.0 was recently released as a Java implementation, with .NET and PHP versions to follow.
-
CrossFrame - Safe, Cross Domain Widget Coordination for Mashups
Julien Lecomte has announced the availability of CrossFrame, a JavaScript library for cross-domain communication between widgets served from different hosts. The technique, while inherently risky, solves an outstanding problem facing mashup developers.